In recent decades, Internet services have become an essential component of modern society, providing a wide spectrum of applications. The diversity of users, some of whom have limited security knowledge, increases the likelihood of accessing malicious websites, specifically developed by attackers to steal sensitive information, money, or personal data. Traditional defense countermeasures, such as blocklists - manually curated lists of known malicious domains maintained by specialized companies - rely on comparing a website's identifier against those contained within the blocklist. Although this approach is widely adopted, it is purely reactive: it protects users only after the malicious site has been detected and included in the list.